- markus@cvs.openbsd.org 2002/02/11 16:17:55

[sshd.c] do not complain about port > 1024 if rhosts-auth is disabled
2002-02-13 13:54:44 +11:00 · 2002-02-13 13:54:44 +11:00 · 654c03fd06
parent 2ce18dabf3
commit 654c03fd06
2 changed files with 8 additions and 4 deletions
--- a/5
+++ b/5
@ -7,6 +7,9 @@
   - markus@cvs.openbsd.org 2002/02/11 16:15:46
     [sshconnect1.c]
     include md5.h, not evp.h
+   - markus@cvs.openbsd.org 2002/02/11 16:17:55
+     [sshd.c]
+     do not complain about port > 1024 if rhosts-auth is disabled

 20020210
 - (djm) OpenBSD CVS Sync
@ -7554,4 +7557,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1

-$Id: ChangeLog,v 1.1840 2002/02/13 02:54:27 djm Exp $
+$Id: ChangeLog,v 1.1841 2002/02/13 02:54:44 djm Exp $
--- a/sshd.c
+++ b/sshd.c
@ -40,7 +40,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.224 2002/02/04 12:15:25 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.225 2002/02/11 16:17:55 markus Exp $");

 #include <openssl/dh.h>
 #include <openssl/bn.h>
@ -1207,8 +1207,9 @@ main(int ac, char **av)
 	 * machine, he can connect from any port.  So do not use these
 	 * authentication methods from machines that you do not trust.
 	 */
-	if (remote_port >= IPPORT_RESERVED ||
-	    remote_port < IPPORT_RESERVED / 2) {
+	if (options.rhosts_authentication &&
+	    (remote_port >= IPPORT_RESERVED ||
+	    remote_port < IPPORT_RESERVED / 2)) {
 		debug("Rhosts Authentication disabled, "
 		    "originating port %d not trusted.", remote_port);
 		options.rhosts_authentication = 0;